Origin hasn’t had a spotless track record as a digital download service. Many users were turned off by its invasive install process, and several others accused it of being a rootkit. Now, it turns out than an exploit in Origin’s system could allow hackers to run malicious code on users running the Origin platform.

The vulnerability was shown at the Black Hat security conference in Amsterdam last Friday. It manipulates the system that Origin uses to auto-launch games to run code that users don’t have to authorize. By simply adding a few simple words to Origin’s code, users can be tricked into executing malicious code that’s hosted on a remote database.

This isn’t an exploit that affects Origin alone, however. A similar exploit was demonstrated using Steam last October. At the time, Steam users were urged to disable the automatic launching of Steam URLs in order to protect themselves.